Add support for rustls-platform-verifier
djc committed May 14, 2024
1 parent 3da5283 commit 4a982ef
Showing 5 changed files with 28 additions and 4 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -127,6 +127,8 @@ jobs:
features: "--no-default-features"
- name: "feat.: rustls-tls"
features: "--no-default-features --features rustls-tls"
- name: "feat.: rustls-tls-platform-verifier"
features: "--no-default-features --features rustls-tls-platform-verifier"
- name: "feat.: rustls-tls-manual-roots"
features: "--no-default-features --features rustls-tls-manual-roots"
- name: "feat.: rustls-tls-native-roots"
2 changes: 2 additions & 0 deletions Cargo.toml
Expand Up @@ -42,6 +42,7 @@ native-tls-vendored = ["native-tls", "native-tls-crate?/vendored"]

rustls-tls = ["rustls-tls-webpki-roots"]
rustls-tls-manual-roots = ["__rustls"]
rustls-tls-platform-verifier = ["dep:rustls-platform-verifier", "__rustls"]
rustls-tls-webpki-roots = ["dep:webpki-roots", "__rustls"]
rustls-tls-native-roots = ["dep:rustls-native-certs", "__rustls"]

Expand Down Expand Up @@ -140,6 +141,7 @@ rustls-pki-types = { version = "1.1.0", features = ["alloc"] ,optional = true }
tokio-rustls = { version = "0.25", optional = true }
webpki-roots = { version = "0.26.0", optional = true }
rustls-native-certs = { version = "0.7", optional = true }
rustls-platform-verifier = { version = "0.2", optional = true }

## cookies
cookie_crate = { version = "0.18.0", package = "cookie", optional = true }
13 changes: 12 additions & 1 deletion src/async_impl/client.rs
Expand Up @@ -565,10 +565,21 @@ impl ClientBuilder {
return Err(crate::error::builder("empty supported tls versions"));
}

#[cfg(feature = "rustls-tls-platform-verifier")]
let verifier = Arc::new(rustls_platform_verifier::Verifier::new());
#[cfg(not(feature = "rustls-tls-platform-verifier"))]
let verifier =
rustls::client::WebPkiServerVerifier::builder(Arc::new(root_cert_store))
.build()
.map_err(|_| {
crate::error::builder("no trust anchors have been provided")
})?;

// Build TLS config
let config_builder =
rustls::ClientConfig::builder_with_protocol_versions(&versions)
.with_root_certificates(root_cert_store);
.dangerous()
.with_custom_certificate_verifier(verifier);

// Finalize TLS config
let mut tls = if let Some(id) = config.identity {
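Review bot: Under the `rustls-tls-platform-verifier` feature the verifier is built from `Verifier::new()` alone, so `root_cert_store` — and with it `tls_built_in_root_certs(false)`, `add_root_certificate`, and the webpki/native root features — silently has no effect on certificate validation; the `tests/badssl.rs` change in this same commit works around that by skipping the no-roots test rather than surfacing it. If the pinned `rustls-platform-verifier` exposes a constructor that accepts extra roots, passing the user-supplied certificates through would keep `add_root_certificate` meaningful; otherwise the builder should reject those options under this feature, or at minimum the `src/lib.rs` feature docs added by this commit should state that they are ignored. Presumably `root_cert_store` is then unused under that cfg and will trip `unused_variables` unless gated or allowed; its binding is outside the hunk. A comment on the `.dangerous()` call would also help reviewers, e.g. `// dangerous() is only the gateway for installing a custom verifier; both verifiers chosen above are standard implementations, not a validation bypass.`. The enclosing function continues outside the hunk on both sides.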
2 changes: 2 additions & 0 deletions src/lib.rs
Expand Up @@ -192,6 +192,8 @@
//! while using root certificates from the `webpki-roots` crate.
//! - **rustls-tls-native-roots**: Enables TLS functionality provided by `rustls`,
//! while using root certificates from the `rustls-native-certs` crate.
//! - **rustls-tls-platform-verifier**: Enables TLS functionality provided by `rustls`,
//! while using the platform's native certificate verifier.
//! - **blocking**: Provides the [blocking][] client API.
//! - **charset** *(enabled by default)*: Improved support for decoding text.
//! - **cookies**: Provides cookie session support.
13 changes: 10 additions & 3 deletions tests/badssl.rs
Expand Up @@ -59,14 +59,21 @@ async fn test_badssl_self_signed() {
assert!(text.contains("<title>self-signed.badssl.com</title>"));
}

#[cfg(feature = "__tls")]
#[cfg(all(feature = "__tls", not(feature = "rustls-tls-platform-verifier")))]
#[tokio::test]
async fn test_badssl_no_built_in_roots() {
let result = reqwest::Client::builder()
.tls_built_in_root_certs(false)
.no_proxy()
.build()
.unwrap()
.build();

// Some configurations will fail to build a client without roots
let client = match result {
Ok(client) => client,
Err(_) => return,
};

let result = client
.get("https://mozilla-modern.badssl.com/")
.send()
.await;
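Review bot: The `Err(_) => return` arm in `test_badssl_no_built_in_roots` makes the test pass vacuously on any build failure, not only the expected missing-roots one, so a regression that breaks `Client::builder().build()` under every TLS backend would still show green. Narrowing the early return to the configurations where building without roots is known to fail (a `cfg`-gated branch), or asserting on the error's message before returning, would keep the test meaningful. The new `#[cfg(all(feature = "__tls", not(feature = "rustls-tls-platform-verifier")))]` gate appears to exist because `tls_built_in_root_certs(false)` does not influence the platform verifier, and that behavioural difference deserves a comment on the attribute, e.g. `// The platform verifier ignores the built-in-roots setting, so this negative test cannot apply to it.`. The function body continues past the hunk.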
